US20130156180A1 - Method And Device For Securing Block Ciphers Against Template Attacks - Google Patents
- Publication number
- US20130156180A1 US13/711,724
- Authority
- US
- United States
- Prior art keywords
- block cipher
- dummy
- permutations
- chain
- working
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H04L9/28—
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
Definitions
- FIG. 1 shows a flowchart of an exemplary embodiment of a method for securing a block cipher F, encrypted with a working key K0, against template attacks.
- a working permutation F(K0) fixed by the block cipher F and the working key K0 is provided in step 101.
- the working key K0 is in particular permanently allocated to the block cipher F.
- in step 102 a number N of dummy permutations G(K1), . . . , G(Kn) is provided.
- the N dummy permutations G(K1), . . . , G(Kn) are fixed by N dummy keys K1, . . . , Kn and the block cipher F or the inverse $F^{-1}$ of the block cipher F.
- the N dummy keys K1, . . . , Kn may be permutated or re-formed before each application of steps 101 to 103.
- Steps 101 to 103 are implemented by a computer program product by way of example, which causes steps 101 to 103 to be carried out on a program-controlled device, by way of example on a processor.
- FIG. 2 shows a block diagram of an exemplary embodiment of a device 200 for securing a block cipher F, encrypted with a working key K0, against template attacks.
- the device 200 has a first means 201, a second means 202 and a third means 203.
- the first means 201 is set up to provide a working permutation F(K0) fixed by the block cipher F and the working key K0.
- the second means 202 is set up to provide a number N of dummy permutations G(K1), . . . , G(Kn).
- the N dummy permutations G(K1), . . . , G(Kn) are fixed by N dummy keys K1, . . . , Kn and the block cipher F or the inverse $F^{-1}$ of the block cipher F.
- FIG. 3 shows a block diagram of an exemplary embodiment of a processor 300 having a device 200 according to FIG. 2.
- the device 200 is implemented by way of example as part of the CPU 301 of the processor 300, which is coupled to a memory 302.
- the working key K0 and the dummy keys K1, . . . , Kn in particular can be stored in the memory 302.
- FIG. 4 shows a block diagram of a further exemplary embodiment of a device 400 for securing a block cipher against template attacks.
- the device 400 in FIG. 4 has a key store 401 for storing the keys K1, . . . , Kn, an input 402 for an application means 403, the application means 403 and an output 404 of the application means 403.
- the output 404 is fed back to the input 402.
- the application means 403 integrates the functions of the first means 201, the second means 202 and the third means 203 in FIG. 2 in particular.
- the key store 401 provides the keys K1, . . . , Kn in the desired sequence. Encryption begins in that the input 402 provides the application means 403 with the plaintext m and the application means 403 executes the algorithm G with the first key K1.
- the plaintext m is encrypted to give G(K1)(m).
- This first cipher text G(K1)(m) is fed back from the output 404 into the input 402 and therewith into the application means 403.
- Encryption is then performed with the key K2 to give G(K2)(G(K1)(m)). Encryption is carried out accordingly until the last key Kn has been used.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
A method for securing a block cipher F, encrypted with a working key K0, against template attacks is provided. A working permutation F(K0) fixed by the block cipher F and the working key K0, and a number N of dummy permutations G(K1), . . . , G(Kn) are provided. The N dummy permutations G(K1), . . . , G(Kn) are fixed by N dummy keys K1, . . . , Kn and the block cipher F or the inverse $F^{-1}$ of the block cipher F. The working permutation F(K0) and the N dummy permutations G(K1), . . . , G(Kn) are chained to form a chain H in such a way that the chain H and the working permutation F(K0) produce an identical image (H=F(K0)). A block cipher F, in which a fixed key K0 is used, is protected against template attacks as a result. A computer program product and a device for securing a block cipher F against template attacks are also proposed.
Description
- This application claims priority to DE Patent Application No. 10 2011 088 502.1 filed Dec. 14, 2011, the contents of which are incorporated herein by reference in their entirety.
- The present disclosure relates to the securing of block ciphers against template attacks.
- A block cipher is a symmetrical encryption method in which the plain text to be encrypted is broken down into a sequence of blocks having the same length, by way of example the length 64 bits or 128 bits. Each block of plaintext is mapped onto a cipher block of the same length. Typical examples of block ciphers are the DES algorithm (DES, Data Encryption Standard) having a block width of 64 bits and the AES algorithm (AES, Advanced Encryption Standard) having a block width of 128 bits. Block ciphers are conventionally used if a large volume of data is to be encrypted.
- Implementations of block ciphers are sometimes attacked using template attacks.
- Template attacks belong to the category of side channel attacks. These are attacks against specific implementations of cryptographic methods which utilize physical side effects of the cryptographic sequences. Examples of such physical side effects are the required computing time, the resulting current profile and the electromagnetic radiation. The template attacks are not attacks against the cryptographic method per se, however.
- In the case of a template attack it is assumed that the attacker has full access to a training implementation of the cryptographic method which is identical in terms of model in hard- and software to the actual target implementation which is to be attacked. Only the key or keys of the cryptographic method, whose implementation is to be attacked, are not available on the training implementation. A commonality of all template attacks lies in recording the characteristic of the current consumption curve for a number of input data from plain-texts and self-selected keys and then developing a model which optimally describes the dependency of the current consumption on the input data. This can be called a learning phase.
- After this learning phase with the training implementation the current profile of the actual target platform, which depends on an unknown secret key, is then recorded in a subsequent measuring phase. With the aid of the model, created previously, about the connection between input data and current profile, an attempt is then made to determine the a priori unknown key. This ideally occurs using a single measurement.
- It is obvious that the special situation, which forms the basis of the attack scenario of a template attack, does not always exist. Thus platforms with changeable keys may be prevented from coming into circulation at all by way of logistic means for instance. Furthermore, the key memories of a potential training platform may be electronically locked, so that it is virtually impossible to record the required measurement data with self-selected input data at all.
- If, however, there is the possibility of a template attack, template attacks are actually the most powerful side channel attacks.
- The conventional technical countermeasures against template attacks are firstly the same ones as may also be used against DPA attacks (DPA, Differential Power Analysis). By way of example, the individual dependency of the current consumption on the input data can be reduced by way of electrical smoothing of the implementation, for example by dual-rail logic. Furthermore, the cryptographic algorithm can be randomized in its sequence, by way of example by using random masks or by introducing what are known as “Random Wait States” into the process sequence. Furthermore, the keys used can be changed sufficiently frequently.
- However, there are implementation situations in which a key change is not possible owing to external specifications, for example owing to standards.
- In one embodiment, a method for securing a block cipher (F), encrypted with a working key (K0), against template attacks comprises: (a) providing a working permutation (F(K0)) fixed by the block cipher (F) and the working key (K0), (b) providing a number N of dummy permutations (G(K1), . . . , G(Kn)) that are fixed by N dummy keys (K1, . . . , Kn) and the block cipher (F) or an inverse ($F^{-1}$) of the block cipher (F), and (c) chaining the working permutation (F(K0)) and the dummy permutations (G(K1), . . . , G(Kn)) to form a chain such that the chain and the working permutation (F(K0)) produce an identical image.
- In a further embodiment, the number N of dummy permutations (G(K1), . . . , (G(Kn)) is provided such that each chain of N dummy permutations (G(K1), . . . , G(Kn)) produces a pre-image set of the block cipher (F).
- In a further embodiment, the chain of N dummy permutations is achieved by a first model having $(g_1 \circ g_1^{-1}) \circ (g_2 \circ g_2^{-1}) \circ \dots \circ (g_n \circ g_n^{-1})$, where $g_i = G(K_i)$, wherein G designates the block cipher (F) or the inverse ($F^{-1}$) of the block cipher, and wherein $K_i$, where $i \in [1, \dots, n]$, designates the N dummy keys (K1, . . . , Kn).
- In a further embodiment, the chain of N dummy permutations is achieved by a second model having $(g_1 \circ g_2 \circ \dots \circ g_n) \circ (g_n^{-1} \circ \dots \circ g_2^{-1} \circ g_1^{-1})$, where $g_i = G(K_i)$, wherein G designates the block cipher (F) or the inverse ($F^{-1}$) of the block cipher, and wherein $K_i$, where $i \in [1, \dots, n]$, designates the N dummy keys (K1, . . . , Kn).
- In a further embodiment, the chain of N dummy permutations is achieved by a third model having $(g_1 \circ g_2 \circ g_3^{-1}) \circ (g_3 \circ g_2^{-1} \circ g_1^{-1}) \circ (g_4 \circ g_5 \circ g_6^{-1}) \circ (g_6 \circ g_5^{-1} \circ g_4^{-1}) \circ \dots$, where $g_i = G(K_i)$, wherein G designates the block cipher (F) or the inverse ($F^{-1}$) of the block cipher, and wherein $K_i$, where $i \in [1, \dots, n]$, designates the N dummy keys (K1, . . . , Kn).
- In a further embodiment, an implementation of a triple DES encryption is secured using the third model.
- In a further embodiment, the N dummy keys (K1, . . . , Kn) are permutated before each application of steps a) to c).
- In a further embodiment, the N dummy keys (K1, . . . , Kn) are re-formed before each application of steps a) to c).
- In a further embodiment, the working key (K0) is permanently allocated to the block cipher (F).
- In a further embodiment, a computer program product is provided for securing a block cipher (F), encrypted with a working key (K0), against template attacks, the computer program product being embodied in non-transitory computer readable media and executable by a processor to: provide a working permutation (F(K0)) fixed by the block cipher (F) and the working key (K0), provide a number N of dummy permutations (G(K1), . . . , G(Kn)) that are fixed by N dummy keys (K1, . . . , Kn) and the block cipher (F) or an inverse ($F^{-1}$) of the block cipher (F), and chain the working permutation (F(K0)) and the dummy permutations (G(K1), . . . , G(Kn)) to form a chain such that the chain and the working permutation (F(K0)) produce an identical image.
- In another embodiment, a device is provided for securing a block cipher (F), encrypted with a working key (K0), against template attacks, the device comprising: a first means for providing a working permutation (F(K0)) fixed by the block cipher (F) and the working key (K0), a second means for providing a number N of dummy permutations (G(K1), . . . , G(Kn)), which are fixed by N dummy keys (K1, . . . , Kn) and the block cipher (F) or the inverse ($F^{-1}$) of the block cipher (F), and a third means for chaining the working permutation (F(K0)) and the dummy permutations (G(K1), . . . , G(Kn)) to form a chain (H) in such a way that the chain (H) and the working permutation (F(K0)) produce an identical image. In another embodiment, a processor includes such a device.
- Example embodiments will be explained in more detail below with reference to figures, in which:
- FIG. 1 shows a flowchart of an exemplary embodiment of a method for securing a block cipher against template attacks;
- FIG. 2 shows a block diagram of an exemplary embodiment of a device for securing a block cipher against template attacks;
- FIG. 3 shows a block diagram of an exemplary embodiment of a processor having a device according to FIG. 2; and
- FIG. 4 shows a block diagram of a further exemplary embodiment of a device for securing a block cipher against template attacks.
- Embodiments of the present disclosure are configured to protect a block cipher, in which a fixed key is used, against template attacks.
- For example, a method for securing a block cipher F, encrypted with a working key K0, against template attacks is proposed. A working permutation F(K0) fixed by the block cipher F and the working key K0, and a number N of dummy permutations G(K1), . . . , G(Kn) are provided. The N dummy permutations G(K1), . . . , G(Kn) are fixed by N dummy keys K1, . . . , Kn and the block cipher F or the inverse $F^{-1}$ of the block cipher F. The working permutation F(K0) and the N dummy permutations G(K1), . . . , G(Kn) are chained to form a chain H in such a way that the chain H and the working permutation F(K0) produce an identical image (H=F(K0)).
- The permutation F(K0) fixed by the block cipher F and the key K0 is then chained to form a product $H = G(K_1) \circ G(K_2) \circ \dots \circ G(K_m) \circ F(K_0) \circ G(K_{m+1}) \circ G(K_{m+2}) \circ \dots \circ G(K_n)$ of permutations in such a way that $H = F(K_0)$ always applies. The working permutation F(K0) can thereby be advantageously hidden in the chain H, so the probability of a successful template attack is reduced.
- The keys $K_1, \dots, K_m$ and $K_{m+1}, \dots, K_n$ used may be re-formed or at least permutated before each application of F. The block cipher G is chosen as $G = F$ or $G = F^{-1}$ in this connection.
- Use is made of the fact that the pre-image set M of a block cipher is identical to the image set and that the block cipher achieves a permutation of M following selection of a key. The totality of permutations of a set M forms a group with respect to the chaining “$\circ$” of images (mappings). The permutations of M can therefore be chained to each other as desired. The result of the chain is always a permutation of M again. If $f_1$ and $f_2$ are two random permutations of M, the effect of the chained permutation $f_1 \circ f_2$ is defined by $(f_1 \circ f_2)(m) = f_1(f_2(m))$, if m designates a random element of M. The image of m under the permutation $f_2$ is therefore the pre-image for the permutation $f_1$.
- In one embodiment the number N of dummy permutations G(K1), . . . , G(Kn) is provided in such a way that a chain of N dummy permutations G(K1), . . . , G(Kn) produces a pre-image set M of the block cipher F.
- The permutations G(K1), . . . , G(Kn) are in particular chosen such that $G(K_1) \circ G(K_2) \circ \dots \circ G(K_n)$ is the identical image (identity mapping) $\mathrm{id}_M$ on M. The permutations $G(K_{m+1}), \dots, G(K_n)$ are accordingly also selected such that $G(K_{m+1}) \circ G(K_{m+2}) \circ \dots \circ G(K_n) = \mathrm{id}_M$ applies.
- Overall, the following therefore applies: $H = G(K_1) \circ G(K_2) \circ \dots \circ G(K_m) \circ F(K_0) \circ G(K_{m+1}) \circ G(K_{m+2}) \circ \dots \circ G(K_n) = (G(K_1) \circ G(K_2) \circ \dots \circ G(K_m)) \circ F(K_0) \circ (G(K_{m+1}) \circ G(K_{m+2}) \circ \dots \circ G(K_n)) = \mathrm{id}_M \circ F(K_0) \circ \mathrm{id}_M = F(K_0)$.
- $G(K_1) \circ G(K_2) \circ \dots \circ G(K_m)$ and $G(K_{m+1}) \circ G(K_{m+2}) \circ \dots \circ G(K_n)$ thereby achieve redundant representations of the identical image $\mathrm{id}_M$.
- The following methods show how these redundant representations of the identical image may be easily obtained. $g_i := G(K_i)$ is used to simplify notation.
- Method 1: $\mathrm{id} = G(K_1) \circ G(K_2) \circ \dots \circ G(K_m)$ is from the model $(g_1 \circ g_1^{-1}) \circ (g_2 \circ g_2^{-1}) \circ \dots \circ (g_m \circ g_m^{-1})$
- Method 2: $\mathrm{id} = G(K_1) \circ G(K_2) \circ \dots \circ G(K_m)$ is from the model $(g_1 \circ g_2 \circ \dots \circ g_m) \circ (g_m^{-1} \circ \dots \circ g_2^{-1} \circ g_1^{-1})$
- Method 3: $\mathrm{id} = G(K_1) \circ G(K_2) \circ \dots \circ G(K_m)$ is from the model $(g_1 \circ g_2 \circ g_3^{-1}) \circ (g_3 \circ g_2^{-1} \circ g_1^{-1}) \circ (g_4 \circ g_5 \circ g_6^{-1}) \circ (g_6 \circ g_5^{-1} \circ g_4^{-1}) \circ \dots$
- Furthermore, random mixed forms of the three said methods are possible. The described procedure is also valid for the permutation $G(K_{m+1}) \circ G(K_{m+2}) \circ \dots \circ G(K_n)$.
- Method 3 is particularly suitable if implementations of the triple DES algorithm are to be secured.
- According to certain embodiments, the possibility, which basically always exists, of iterating block ciphers may be used to secure an implementation of a block cipher against template attacks.
- The iteration of block ciphers would conventionally only be used to increase the key space of an algorithm. A known example of this approach is the triple DES, which, in the above notation, causes a permutation of the model $g_1 \circ g_2 \circ g_3^{-1}$ after three keys have been chosen.
- Block ciphers are typically constructed in such a way that a rounding function is iterated several times. In each round a new partial key is used which is derived from the chosen key in accordance with a specified pattern, which is known as Key Scheduling. As a rule, the permutation f, i.e. $f = F(K)$, formed by a block cipher F following selection of a key K, differs from the associated inverse permutation $f^{-1}$ only by a different Key Scheduling. $f^{-1}$ can consequently also be achieved by the block cipher F.
- This results in a method for securing block ciphers, which are operated with a fixed key, against template attacks which is very easy to implement. The actual implementation of the block cipher can be unchanged; only the loop counter, which controls the number of iterations (the rounding function), is increased.
- Key Scheduling is modified such that it achieves a sequence of permutations as described above, see method 1 to method 3.
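The chain $H$ built from Methods 1 to 3, as an added example that is not code from the patent: the toy Feistel cipher standing in for F, its block size and round count, and every function name are assumptions made for illustration. The dummy keys are re-formed on every call, and the inverse permutation differs from the forward one only in the order of the round keys.

```python
import hashlib
import secrets

BLOCK_BYTES = 8   # toy 64-bit block (assumption for this example)
ROUNDS = 8        # toy round count (assumption for this example)


def round_f(key, rnd, half):
    """Round function of the toy cipher: hash of key, round index and half block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK_BYTES // 2]


def toy_cipher(key, block, inverse=False):
    """Toy Feistel stand-in for F. The inverse uses the same loop with the
    round keys in reverse order, i.e. only the key scheduling differs."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be %d bytes" % BLOCK_BYTES)
    left, right = block[:BLOCK_BYTES // 2], block[BLOCK_BYTES // 2:]
    order = range(ROUNDS - 1, -1, -1) if inverse else range(ROUNDS)
    for rnd in order:
        mask = round_f(key, rnd, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return right + left


def identity_chain(model, keys):
    """Return a list of (key, inverse) operations, written left to right,
    whose composition is the identity on the block space."""
    if model == 1:    # (g1 o g1^-1) o (g2 o g2^-1) o ...
        return [op for k in keys for op in ((k, False), (k, True))]
    if model == 2:    # (g1 o ... o gm) o (gm^-1 o ... o g1^-1)
        return [(k, False) for k in keys] + [(k, True) for k in reversed(keys)]
    if model == 3:    # (g1 o g2 o g3^-1) o (g3 o g2^-1 o g1^-1) o ...
        if len(keys) % 3:
            raise ValueError("model 3 consumes dummy keys in groups of three")
        chain = []
        for i in range(0, len(keys), 3):
            a, b, c = keys[i:i + 3]
            chain += [(a, False), (b, False), (c, True),
                      (c, False), (b, True), (a, True)]
        return chain
    raise ValueError("model must be 1, 2 or 3")


def build_chain(k0, model, n_dummy=3):
    """H = (identity chain) o F(K0) o (identity chain) with fresh dummy keys."""
    def fresh():
        return [secrets.token_bytes(16) for _ in range(n_dummy)]
    return (identity_chain(model, fresh())
            + [(k0, False)]
            + identity_chain(model, fresh()))


def apply_chain(chain, block):
    """(f1 o f2)(m) = f1(f2(m)): the rightmost permutation is applied first."""
    for key, inverse in reversed(chain):
        block = toy_cipher(key, block, inverse)
    return block


def protected_encrypt(k0, block, model, n_dummy=3):
    """Encrypt under K0 with the working permutation hidden among dummies."""
    return apply_chain(build_chain(k0, model, n_dummy), block)


if __name__ == "__main__":
    k0 = bytes(range(16))            # constructed sample working key
    m = b"ABCDEFGH"                  # constructed sample plaintext block
    for model in (1, 2, 3):
        assert protected_encrypt(k0, m, model) == toy_cipher(k0, m)
    print("H = F(K0) holds for all three models")
```

With three dummy keys on each side, every protected encryption runs 13 cipher invocations instead of one, which is the cost of hiding the position of F(K0) in the chain.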
- In a further embodiment the chain of N dummy permutations G(K1), . . . , G(Kn) is achieved by a first model having $(g_1 \circ g_1^{-1}) \circ (g_2 \circ g_2^{-1}) \circ \dots \circ (g_n \circ g_n^{-1})$, where $g_i = G(K_i)$, wherein G designates the block cipher F or the inverse $F^{-1}$ of the block cipher F and wherein $K_i$, where $i \in [1, \dots, n]$, designates the N dummy keys K1, . . . , Kn.
- In a further embodiment the chain of N dummy permutations G(K1), . . . , G(Kn) is achieved by a second model having $(g_1 \circ g_2 \circ \dots \circ g_n) \circ (g_n^{-1} \circ \dots \circ g_2^{-1} \circ g_1^{-1})$, where $g_i = G(K_i)$, wherein G designates the block cipher F or the inverse $F^{-1}$ of the block cipher F and wherein $K_i$, where $i \in [1, \dots, n]$, designates the N dummy keys K1, . . . , Kn.
- In a further embodiment the chain of N dummy permutations is achieved by a third model having $(g_1 \circ g_2 \circ g_3^{-1}) \circ (g_3 \circ g_2^{-1} \circ g_1^{-1}) \circ (g_4 \circ g_5 \circ g_6^{-1}) \circ (g_6 \circ g_5^{-1} \circ g_4^{-1}) \circ \dots$, where $g_i = G(K_i)$, wherein G designates the block cipher F or the inverse $F^{-1}$ of the block cipher F and wherein $K_i$, where $i \in [1, \dots, n]$, designates the N dummy keys K1, . . . , Kn.
- In a further embodiment an implementation of a triple DES encryption is secured using the third model.
- In a further embodiment the N dummy keys K1, . . . , Kn are permutated before each application of securing.
- In a further embodiment the N dummy keys K1, . . . , Kn are re-formed before each application of securing.
- In a further embodiment the working key K0 is permanently allocated to the block cipher F.
- A computer program product is also proposed which causes a method, as described above, for securing a block cipher F, encrypted with a working key K0, against template attacks to be carried out on a program-controlled device.
- A computer program product such as a computer program means can be provided or supplied by way of example as a storage medium, such as memory card, USB stick, CD-ROM, DVD or in the form of a file which can be downloaded from a server in a network. This can occur for example in a wireless communications network by the transmission of a corresponding file with the computer program product or computer program means.
- A device for securing a block cipher F, encrypted or working with a working key K0, against template attacks is also proposed which comprises a first means, a second means and a third means. The first means is set up to provide a working permutation F(K0) fixed by the block cipher F and the working key K0. The second means is set up to provide a number N of dummy permutations G(K1), . . . , G(Kn). The N dummy permutations G(K1), . . . , G(Kn) are fixed by N dummy keys K1, . . . , Kn and the block cipher F or the inverse F−1 of the block cipher F. The third means is set up to chain the working permutation F(K0) and the N dummy permutations G(K1), . . . , G(Kn) to form a chain H in such a way that the chain H and the working permutation F(K0) produce an identical image (H=F(K0)).
- The respective means can be implemented in terms of hardware or software technology. With a hardware implementation the respective means can be constructed as a device or as part of a device, for example as a computer or microprocessor. With a software implementation the respective means can be constructed as a computer program product, a function, a routine, as part of a program code or as an executable object.
- A processor having a device as described above for securing a block cipher F, encrypted with a working key K0, against template attacks is also proposed. The device is implemented by way of example as part of the CPU (Central Processing Unit) of the processor.
- FIG. 1 shows a flowchart of an exemplary embodiment of a method for securing a block cipher F, encrypted with a working key K0, against template attacks.
- A working permutation F(K0) fixed by the block cipher F and the working key K0 is provided in step 101. The working key K0 is in particular permanently allocated to the block cipher F.
- In step 102 a number N of dummy permutations G(K1), . . . , G(Kn) is provided. The N dummy permutations G(K1), . . . , G(Kn) are fixed by N dummy keys K1, . . . , Kn and the block cipher F or the inverse F⁻¹ of the block cipher F.
- In step 103 the working permutation F(K0) and the N dummy permutations G(K1), . . . , G(Kn) are chained to form a chain H in such a way that the chain H and the working permutation F(K0) produce an identical image (H=F(K0)).
- The N dummy keys K1, . . . , Kn may be permutated or re-formed before each application of steps 101 to 103.
- Steps 101 to 103 are implemented by a computer program product by way of example, which causes steps 101 to 103 to be carried out on a program-controlled device, by way of example on a processor.
- FIG. 2 shows a block diagram of an exemplary embodiment of a device 200 for securing a block cipher F, encrypted with a working key K0, against template attacks.
- The device 200 has a first means 201, a second means 202 and a third means 203. The first means 201 is set up to provide a working permutation F(K0) fixed by the block cipher F and the working key K0. The second means 202 is set up to provide a number N of dummy permutations G(K1), . . . , G(Kn). The N dummy permutations G(K1), . . . , G(Kn) are fixed by N dummy keys K1, . . . , Kn and the block cipher F or the inverse F⁻¹ of the block cipher F. The third means 203 is set up to chain the working permutation F(K0) and the N dummy permutations G(K1), . . . , G(Kn) to form a chain H in such a way that the chain H and the working permutation F(K0) produce an identical image (H=F(K0)).
- FIG. 3 shows a block diagram of an exemplary embodiment of a processor 300 having a device 200 according to FIG. 2. The device 200 is implemented by way of example as part of the CPU 301 of the processor 300, which is coupled to a memory 302. The working key K0 and the dummy keys K1, . . . , Kn in particular can be stored in the memory 302.
- FIG. 4 shows a block diagram of a further exemplary embodiment of a device 400 for securing a block cipher against template attacks.
- The device 400 in FIG. 4 has a key store 401 for storing the keys K1, . . . , Kn, an input 402 for an application means 403, the application means 403 and an output 404 of the application means 403. The output 404 is fed back to the input 402.
- The application means 403 integrates the functions of the first means 201, the second means 202 and the third means 203 in FIG. 2 in particular.
- The key store 401 provides the keys K1, . . . , Kn in the desired sequence. Encryption begins when the input 402 provides the application means 403 with the plaintext m and the application means 403 executes the algorithm G with the first key K1. The plaintext m is encrypted to give G(K1)(m). This first cipher text G(K1)(m) is fed back from the output 404 into the input 402 and thus into the application means 403. Encryption is then performed with the key K2 to give G(K2)(G(K1)(m)). Encryption is carried out accordingly until the last key Kn has been used.
- Although the invention has been illustrated and described in more detail by exemplary embodiments, it is not limited by the disclosed examples and other variations can be derived herefrom by the person skilled in the art without departing from the scope of the invention.
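Added example (not part of the patent text): the three chaining models and the FIG. 4 feedback loop in Python, checking that the chain H gives the same result as F(K0). The toy Feistel cipher standing in for F, the choice G = F, all function names, the multiple-of-three check in the third model and the placement of F(K0) on a boundary between identity blocks are assumptions of this sketch.

```python
import hashlib
import random

ROUNDS = 8
MASK32 = 0xFFFFFFFF

def _round_fn(key, rnd, half):
    # Toy round function (assumption): SHA-256 over key, round index and half-block.
    data = key + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def F(key, block):
    """Toy 64-bit Feistel cipher standing in for the block cipher F."""
    left, right = block >> 32, block & MASK32
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << 32) | right

def F_inv(key, block):
    """Inverse F^-1 of the toy cipher: the same rounds undone in reverse order."""
    left, right = block >> 32, block & MASK32
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(key, rnd, left), left
    return (left << 32) | right

# A step is (key, inverse). With G = F, g_i is (K_i, False) and g_i^-1 is (K_i, True).
# Each model returns a list of blocks; every block composes to the identity.

def model1(keys):
    # (g1 o g1^-1) o (g2 o g2^-1) o ... o (gn o gn^-1)
    return [[(k, False), (k, True)] for k in keys]

def model2(keys):
    # (g1 o g2 o ... o gn) o (gn^-1 o ... o g2^-1 o g1^-1)
    return [[(k, False) for k in keys] + [(k, True) for k in reversed(keys)]]

def model3(keys):
    # (g1 o g2 o g3^-1) o (g3 o g2^-1 o g1^-1) o (g4 o g5 o g6^-1) o ...
    if len(keys) % 3:
        raise ValueError("third model consumes dummy keys in groups of three")
    blocks = []
    for i in range(0, len(keys), 3):
        k1, k2, k3 = keys[i:i + 3]
        blocks.append([(k1, False), (k2, False), (k3, True),
                       (k3, False), (k2, True), (k1, True)])
    return blocks

def build_chain(working_key, dummy_keys, model, rng):
    """Chain F(K0) with the dummy permutations so that H = F(K0)."""
    keys = list(dummy_keys)
    rng.shuffle(keys)                      # dummy keys permuted before each application
    blocks = model(keys)
    slot = rng.randrange(len(blocks) + 1)  # assumption: F(K0) sits on a block boundary
    chain = []
    for i, blk in enumerate(blocks):
        if i == slot:
            chain.append((working_key, False))
        chain.extend(blk)
    if slot == len(blocks):
        chain.append((working_key, False))
    return chain

def apply_chain(chain, block):
    """Feedback loop of FIG. 4: each output is fed back in as the next input."""
    state = block
    for key, inverse in reversed(chain):   # f o g applies g first
        state = F_inv(key, state) if inverse else F(key, state)
    return state

def secured_encrypt(working_key, dummy_keys, model, block, rng=None):
    rng = rng or random.SystemRandom()
    return apply_chain(build_chain(working_key, dummy_keys, model, rng), block)

if __name__ == "__main__":
    k0 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed working key
    dummies = [bytes([i]) * 16 for i in range(1, 7)]          # constructed dummy keys
    m = 0x0123456789ABCDEF
    for model in (model1, model2, model3):
        c = secured_encrypt(k0, dummies, model, m)
        print(model.__name__, hex(c), c == F(k0, m))
```

Each call runs 2N+1 cipher invocations. Placing F(K0) inside an identity block (for example g1 ∘ F(K0) ∘ g1⁻¹) no longer yields H = F(K0), which is why the sketch only inserts it on block boundaries.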
Claims (18)
1. A method for securing a block cipher (F), encrypted with a working key (K0), against template attacks, the method comprising:
a) providing a working permutation (F(K0)) fixed by the block cipher (F) and the working key (K0),
b) providing a number N of dummy permutations (G(K1), . . . , G(Kn)) that are fixed by N dummy keys (K1, . . . , Kn) and the block cipher (F) or an inverse (F⁻¹) of the block cipher (F), and
c) chaining the working permutation (F(K0)) and the dummy permutations (G(K1), . . . , G(Kn)) to form a chain such that the chain and the working permutation (F(K0)) produce an identical image.
2. The method of claim 1, wherein the number N of dummy permutations (G(K1), . . . , G(Kn)) is provided such that each chain of N dummy permutations (G(K1), . . . , G(Kn)) produces a pre-image set of the block cipher (F).
3. The method of claim 2, wherein the chain of N dummy permutations is achieved by a first model having (g1 ∘ g1⁻¹) ∘ (g2 ∘ g2⁻¹) ∘ . . . ∘ (gn ∘ gn⁻¹), where gi=G(Ki), wherein G designates the block cipher (F) or the inverse (F⁻¹) of the block cipher, and wherein Ki, where i ∈ [1, . . . , n], designates the N dummy keys (K1, . . . , Kn).
4. The method of claim 2, wherein the chain of N dummy permutations is achieved by a second model having (g1 ∘ g2 ∘ . . . ∘ gn) ∘ (gn⁻¹ ∘ . . . ∘ g2⁻¹ ∘ g1⁻¹), where gi=G(Ki), wherein G designates the block cipher (F) or the inverse (F⁻¹) of the block cipher, and wherein Ki, where i ∈ [1, . . . , n], designates the N dummy keys (K1, . . . , Kn).
5. The method of claim 2, wherein the chain of N dummy permutations is achieved by a third model having (g1 ∘ g2 ∘ g3⁻¹) ∘ (g3 ∘ g2⁻¹ ∘ g1⁻¹) ∘ (g4 ∘ g5 ∘ g6⁻¹) ∘ (g6 ∘ g5⁻¹ ∘ g4⁻¹) ∘ . . . , where gi=G(Ki), wherein G designates the block cipher (F) or the inverse (F⁻¹) of the block cipher, and wherein Ki, where i ∈ [1, . . . , n], designates the N dummy keys (K1, . . . , Kn).
6. The method of claim 5, wherein an implementation of a triple DES encryption is secured using the third model.
7. The method of claim 1, wherein the N dummy keys (K1, . . . , Kn) are permutated before each application of steps a) to c).
8. The method of claim 1, wherein the N dummy keys (K1, . . . , Kn) are re-formed before each application of steps a) to c).
9. The method of claim 1, wherein the working key (K0) is permanently allocated to the block cipher (F).
10. A computer program product for securing a block cipher (F), encrypted with a working key (K0), against template attacks, the computer program product being embodied in non-transitory computer readable media and executable by a processor to:
provide a working permutation (F(K0)) fixed by the block cipher (F) and the working key (K0),
provide a number N of dummy permutations (G(K1), . . . , G(Kn)) that are fixed by N dummy keys (K1, . . . , Kn) and the block cipher (F) or an inverse (F⁻¹) of the block cipher (F), and
chain the working permutation (F(K0)) and the dummy permutations (G(K1), . . . , G(Kn)) to form a chain such that the chain and the working permutation (F(K0)) produce an identical image.
11. The computer program product of claim 10, wherein the number N of dummy permutations (G(K1), . . . , G(Kn)) is provided such that each chain of N dummy permutations (G(K1), . . . , G(Kn)) produces a pre-image set of the block cipher (F).
12. The computer program product of claim 11, wherein the chain of N dummy permutations is achieved by a first model having (g1 ∘ g1⁻¹) ∘ (g2 ∘ g2⁻¹) ∘ . . . ∘ (gn ∘ gn⁻¹), where gi=G(Ki), wherein G designates the block cipher (F) or the inverse (F⁻¹) of the block cipher, and wherein Ki, where i ∈ [1, . . . , n], designates the N dummy keys (K1, . . . , Kn).
13. The computer program product of claim 11, wherein the chain of N dummy permutations is achieved by a second model having (g1 ∘ g2 ∘ . . . ∘ gn) ∘ (gn⁻¹ ∘ . . . ∘ g2⁻¹ ∘ g1⁻¹), where gi=G(Ki), wherein G designates the block cipher (F) or the inverse (F⁻¹) of the block cipher, and wherein Ki, where i ∈ [1, . . . , n], designates the N dummy keys (K1, . . . , Kn).
14. The computer program product of claim 11, wherein the chain of N dummy permutations is achieved by a third model having (g1 ∘ g2 ∘ g3⁻¹) ∘ (g3 ∘ g2⁻¹ ∘ g1⁻¹) ∘ (g4 ∘ g5 ∘ g6⁻¹) ∘ (g6 ∘ g5⁻¹ ∘ g4⁻¹) ∘ . . . , where gi=G(Ki), wherein G designates the block cipher (F) or the inverse (F⁻¹) of the block cipher, and wherein Ki, where i ∈ [1, . . . , n], designates the N dummy keys (K1, . . . , Kn).
15. The computer program product of claim 14, wherein an implementation of a triple DES encryption is secured using the third model.
16. The computer program product of claim 10, wherein the N dummy keys (K1, . . . , Kn) are permutated before each application of steps a) to c).
17. The computer program product of claim 10, wherein the N dummy keys (K1, . . . , Kn) are re-formed before each application of steps a) to c).
18. The computer program product of claim 10, wherein the working key (K0) is permanently allocated to the block cipher (F).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102011088502.1 | 2011-12-14 | ||
DE102011088502A DE102011088502B3 (en) | 2011-12-14 | 2011-12-14 | Method and apparatus for securing block ciphers against template attacks |
Publications (1)
Publication Number | Publication Date |
---|---|
US20130156180A1 (en) | 2013-06-20 |
Family
ID=47074645
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/711,724 Abandoned US20130156180A1 (en) | 2011-12-14 | 2012-12-12 | Method And Device For Securing Block Ciphers Against Template Attacks |
Country Status (4)
Country | Link |
---|---|
US (1) | US20130156180A1 (en) |
EP (1) | EP2605445B1 (en) |
CN (1) | CN103166751A (en) |
DE (1) | DE102011088502B3 (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030182246A1 (en) * | 1999-12-10 | 2003-09-25 | Johnson William Nevil Heaton | Applications of fractal and/or chaotic techniques |
US20040193898A1 (en) * | 2003-01-08 | 2004-09-30 | Sony Corporation | Encryption processing apparatus, encryption processing method, and computer program |
US20060239503A1 (en) * | 2005-04-26 | 2006-10-26 | Verance Corporation | System reactions to the detection of embedded watermarks in a digital host content |
US7181017B1 (en) * | 2001-03-23 | 2007-02-20 | David Felsher | System and method for secure three-party communications |
US20080317251A1 (en) * | 2007-06-22 | 2008-12-25 | Patrick Foody | Methods and systems for storing and retrieving encrypted data |
US20100135637A1 (en) * | 2008-06-06 | 2010-06-03 | Deluxe Digital Studios, Inc. | Methods and systems for use in providing playback of variable length content in a fixed length framework |
US20100142915A1 (en) * | 2008-06-06 | 2010-06-10 | Deluxe Digital Studios, Inc. | Methods and systems for use in providing playback of variable length content in a fixed length framework |
US20100250497A1 (en) * | 2007-01-05 | 2010-09-30 | Redlich Ron M | Electromagnetic pulse (EMP) hardened information infrastructure with extractor, cloud dispersal, secure storage, content analysis and classification and method therefor |
US20130301832A1 (en) * | 2009-10-15 | 2013-11-14 | Jack Harper | Fingerprint scanning systems and methods |
US20140218165A1 (en) * | 2013-02-07 | 2014-08-07 | Daniel Charles Johnson | Method and apparatus for implementing multi-vendor rolling code keyless entry systems |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ATE336122T1 (en) * | 1998-12-30 | 2006-09-15 | Nokia Corp | METHOD AND DEVICE FOR CRYPTOGRAPHIC DATA PROCESSING |
EP1192516A1 (en) * | 1999-06-09 | 2002-04-03 | Cloakware Corporation | Tamper resistant software encoding |
CN1985458B (en) * | 2003-11-16 | 2013-05-08 | 桑迪斯克以色列有限公司 | Enhanced natural Montgomery exponent masking |
JP4687775B2 (en) * | 2008-11-20 | 2011-05-25 | ソニー株式会社 | Cryptographic processing device |
- 2011
  - 2011-12-14 DE DE102011088502A patent/DE102011088502B3/en not_active Expired - Fee Related
- 2012
  - 2012-10-05 EP EP12187458.0A patent/EP2605445B1/en not_active Not-in-force
  - 2012-12-12 US US13/711,724 patent/US20130156180A1/en not_active Abandoned
  - 2012-12-14 CN CN2012105416635A patent/CN103166751A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
DE102011088502B3 (en) | 2013-05-08 |
CN103166751A (en) | 2013-06-19 |
EP2605445A1 (en) | 2013-06-19 |
EP2605445B1 (en) | 2015-09-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: SIEMENS AKTIENGESELLSCHAFT, GERMANY. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HESS, ERWIN;REEL/FRAME:030378/0104. Effective date: 20130205 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |